India DPDP Act, 2023 — what this means for you

We process your data on the legal basis of consent (DPDP §6). You consent at the moment you sign in, submit an inquiry, post a review, or claim a school. The exact wording you agreed to is logged into your consent ledger.

MeetSchools. Registered office in Gurgaon, Haryana. Grievance Officer: grievance@meetschools.com.

1. Access — download all your data as JSON from /account/export.
2. Correction — edit phone / name in /account; everything else: email the grievance officer.
3. Erasure — schedule deletion at /account/delete (30-day grace; hard-delete after).
4. Withdrawal of consent — deleting your account withdraws all open consents in one step. Granular per-purpose withdrawal lands in a future release.
5. Grievance redressal — see /grievance. We respond within 30 days as required by DPDP §13.
6. Nominate — DPDP §14 allows you to nominate another individual to exercise your rights if you can't. Email the grievance officer with the nominee's details.

Your data is stored in AWS Mumbai (ap-south-1). Two processors operate outside India:

• Anthropic (US) — receives only your AI Counselor chat messages, not your account record.
• MSG91 (India), Razorpay (India), and AWS SES (Mumbai region) — operate within India.

We don't transfer your data to any country the Government of India has restricted under DPDP §16.

• IPs are hashed (SHA-256, truncated to 32 hex) at the edge — we never store raw IPs.
• All in-transit traffic is TLS 1.3 (Cloudflare + AWS ALB).
• Secrets are stored in AWS Secrets Manager and read at boot via instance roles — no long-lived keys in code or .env files.
• The consent ledger is append-only. Once written, a row can be deleted (account erasure) but not edited.

DPDP rules are still being clarified by MeitY. We update this page within seven days of any rule that affects how we operate. Watch the "Last updated" date on the privacy notice.